Reader Comments
Post a new comment on this article
Post Your Discussion Comment
Please follow our guidelines for comments and review our competing interests policy. Comments that do not conform to our guidelines will be promptly removed and the user account disabled. The following must be avoided:
- Remarks that could be interpreted as allegations of misconduct
- Unsupported assertions or statements
- Inflammatory or insulting language
Thank You!
Thank you for taking the time to flag this posting; we review flagged postings on a regular basis.
closeSuperficial article
Posted by RossAnderson on 05 Dec 2011 at 11:36 GMT
CS and medicine are different. In medicine people repeat work all the time; in ours you can't get repetitious work published. So there's no point in my publishing a paper about re-identifying NHS patients by postcode and date of birth after Latanya published her classic on
re-identifying US patients by date of birth and zip code. So even if their literature search had been thorough, the medical methodology of a meta-analysis is weak.
But the authors' search wasn't at all thorough. Much computer security work is published by Springer, not by the ACM and IEEE, or online as tech reports. So they only got one of Cynthia Dwork's papers, for example, and not the most important ones.
Finally, the claim that modern de-identification techniques are effective is not consistent with empirical observation. In the UK, the "pseudonymous" records used in research still have date of birth plus postcode. Yet it is to be expected that this article will be cited as an excuse by medical researchers who won't read the detail and will continue to operate systems that are both unsafe and unlawful.